Method and device for generating access stratum key in communications system

ABSTRACT

In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of International Application No.PCT/CN2012/086580, filed on Dec. 13, 2012, which claims priority toChinese Patent Application No. 201110421275.9, filed on Dec. 15, 2011,both of which are hereby incorporated by reference in their entireties.

TECHNICAL FIELD

The present invention relates to the radio communication field, and moreparticularly, to a method and a device thereof for generating an accessstratum key in a communications system.

BACKGROUND

In a newly proposed LTE-Hi (Long Term Evolution-Hi, Long TermEvolution-Hi) architecture, a user equipment (User Equipment, UE) mayaccess a core network via an evolved NodeB (evolved NodeB, eNB), or mayconnect to the eNB via an LTE-Hi access point (LTE-Hi Access Point,LTE-Hi AP) and then access the core network via the eNB. The UE may alsodirectly connect to a gateway device on another network via the LTE-HiAP. In the LTE-Hi architecture, the UE has two radio air interfaces,that is, a Uu air interface between the UE and the eNB and a Uu′ airinterface between the UE and the LTE-Hi AP.

The LTE-Hi architecture not only can support the scenario in which theUE performs access initially from the LTE-Hi AP and then some servicesare transferred to the eNB, but also can support the scenario in whichthe UE performs access initially from the eNB and then some services aretransferred to the LTE-Hi AP. Therefore, an air interface securitymechanism for the Uu′ air interface needs to be compatible with theforegoing two scenarios. The UE may receive data through two linkscorresponding to the Uu′ air interface and the Uu air interface at thesame time to communicate with the LTE-Hi AP and the eNB at the sametime. In such a scenario, two branches have their own air interfaces.Generation, maintenance, modification and deletion of an access stratum(Access Stratum, AS) security context on the two air interfaces need tobe considered to ensure security of data transmitted over each airinterface.

However, in the prior art, only a manner of generating an AS key on theUu air interface is provided, while how to generate the AS key on theUu′ air interface is not involved. As a result, security of datatransmission over the Uu′ air interface cannot be ensured.

SUMMARY

The present invention provides a method and a device thereof forgenerating an access stratum key in a communications system, whichsolves a problem in the prior art where security of data transmissionover two air interfaces of a UE cannot be ensured at the same time andallows the UE to perform secure data transmission over the two airinterfaces, thereby improving system security.

According to one aspect, the present invention provides a method forgenerating an access stratum key in a communications system. In thecommunications system, a user equipment UE accesses a core network via afirst network-side device by using a first air interface and connects tothe first network-side device via a second network-side device by usinga second air interface to access the core network. The method includes:acquiring, by the network-side device, an input parameter, where theinput parameter includes a time-varying parameter and/or a parameterrelated to a serving cell of the second network-side device;calculating, by the network-side device, an access stratum root keyKeNB* on the second air interface according to the input parameter andan access stratum root key KeNB on the first air interface, or using, bythe network-side device, the KeNB as the access stratum root key KeNB*on the second air interface; and generating, by the second network-sidedevice, an access stratum key on the second air interface according tothe KeNB*, or sending, by the first network-side device, the KeNB* tothe second network-side device so that the second network-side devicegenerates the access stratum key on the second air interface accordingto the KeNB*.

According to another aspect, the present invention provides a method forgenerating an access stratum key in a communications system. In thecommunications system, a user equipment UE accesses a core network via afirst network-side device by using a first air interface and connects tothe first network-side device via a second network-side device by usinga second air interface to access the core network. The method includes:acquiring, by the UE, an input parameter, where the input parameterincludes a time-varying parameter and/or a parameter related to aserving cell of the second network-side device; calculating, by the UE,an access stratum root key KeNB* on the second air interface accordingto the input parameter and an access stratum root key KeNB on the firstair interface, or using, by the UE, the KeNB as the access stratum rootkey KeNB* on the second air interface; and generating, by the UE, anaccess stratum key on the second air interface according to the KeNB*.

According to still another aspect, the present invention provides anetwork-side device in a communications system. In the communicationssystem, a user equipment UE accesses a core network via a firstnetwork-side device by using a first air interface and connects to thefirst network-side device via a second network-side device by using asecond air interface to access the core network. The network-side deviceincludes: an acquiring module, configured to acquire an input parameter,where the input parameter includes a time-varying parameter and/or aparameter related to a serving cell of the second network-side device; acalculating module, configured to calculate an access stratum root keyKeNB* on the second air interface according to the input parameter andan access stratum root key KeNB on the first air interface, or use theKeNB as the access stratum root key KeNB* on the second air interface;and a generating module, configured to generate an access stratum key onthe second air interface according to the KeNB*, or a sending module,configured to send the KeNB* to the second network-side device so thatthe second network-side device generates the access stratum key on thesecond air interface according to the KeNB*.

According to still another aspect, the present invention provides a userequipment in a communications system. In the communications system, theuser equipment UE accesses a core network via a first network-sidedevice by using a first air interface and connects to the firstnetwork-side device via a second network-side device by using a secondair interface to access the core network. The user equipment includes:an acquiring module, configured to acquire an input parameter, where theinput parameter includes a time-varying parameter and/or a parameterrelated to a serving cell of the second network-side device; acalculating module, configured to calculate an access stratum root keyKeNB* on the second air interface according to the input parameter andan access stratum root key KeNB on the first air interface, or use theKeNB as the access stratum root key KeNB* on the second air interface;and a generating module, configured to generate an access stratum key onthe second air interface according to the KeNB*.

Based on the foregoing technical solutions, the second network-sidedevice may acquire the KeNB* that is acquired based on the KeNB on thefirst air interface, and the user equipment may calculate the KeNB*according to the KeNB known by itself. In this way, the secondnetwork-side device and the user equipment may have the same accessstratum root key KeNB* on the second air interface. The secondnetwork-side device and the user equipment may generate the same accessstratum key according to the same KeNB*, which may improve security ofdata transmission over the second air interface and ensure security ofdata transmitted between the second network-side device and the userequipment when the access stratum key is used for data transmission overthe second air interface.

BRIEF DESCRIPTION OF DRAWINGS

To describe the technical solutions in the embodiments of the presentinvention more clearly, the following briefly introduces theaccompanying drawings required for describing the embodiments.Apparently, the accompanying drawings in the following description showmerely some embodiments of the present invention, and a person skilledin the art may still derive other drawings from these accompanyingdrawings without creative efforts.

FIG. 1 is a flowchart of a method for generating an access stratum keyperformed by a base station according to an embodiment of the presentinvention;

FIG. 2 is a flowchart of a method for generating an access stratum keyperformed by an access device according to an embodiment of the presentinvention;

FIG. 3 is a flowchart of a method for generating an access stratum keyperformed by a user equipment according to an embodiment of the presentinvention;

FIG. 4 is a schematic diagram of an example of an LTE-Hi architecture;

FIG. 5 is an example of a control plane protocol stack in the LTE-Hiarchitecture illustrated in FIG. 4;

FIG. 6 is an example of a data link protocol stack in the LTE-Hiarchitecture illustrated in FIG. 4;

FIG. 7 is a second example of generating an access stratum key between aUE and an LTE-Hi AP in an LTE-Hi architecture;

FIG. 8 is a flowchart of another method for generating an access stratumkey performed by a base station according to an embodiment of thepresent invention;

FIG. 9 is a flowchart of another method for generating an access stratumkey performed by an access device according to an embodiment of thepresent invention;

FIG. 10 is a flowchart of another method for generating an accessstratum key performed by a user equipment according to an embodiment ofthe present invention;

FIG. 11 is a third example of generating an access stratum key between aUE and an LTE-Hi AP in an LTE-Hi architecture;

FIG. 12 is a flowchart of still another method for generating an accessstratum key performed by a base station according to an embodiment ofthe present invention;

FIG. 13 is a flowchart of still another method for generating an accessstratum key performed by an access device according to an embodiment ofthe present invention;

FIG. 14 is a flowchart of still another method for generating an accessstratum key performed by a user equipment according to an embodiment ofthe present invention;

FIG. 15 is a structural block diagram of a network-side device in acommunications system according to an embodiment of the presentinvention;

FIG. 15a is another structural block diagram of a network-side device ina communications system according to an embodiment of the presentinvention;

FIG. 16 is another structural block diagram of a network-side device ina communications system according to an embodiment of the presentinvention;

FIG. 16a is another structural block diagram of a network-side device ina communications system according to an embodiment of the presentinvention;

FIG. 17 is a structural block diagram of a user equipment in acommunications system according to an embodiment of the presentinvention; and

FIG. 18 is another structural block diagram of a user equipment in acommunications system according to an embodiment of the presentinvention.

DESCRIPTION OF EMBODIMENTS

The following clearly describes the technical solutions in theembodiments of the present invention with reference to the accompanyingdrawings in the embodiments of the present invention. Apparently, thedescribed embodiments are a part rather than all of the embodiments ofthe present invention. All other embodiments obtained by a personskilled in the art based on the embodiments of the present inventionwithout creative efforts shall fall within the protection scope of thepresent invention.

Firstly, a method 100 for generating an access stratum key in acommunications system according to an embodiment of the presentinvention is described with reference to FIG. 1. In the communicationssystem, a UE accesses a core network via a base station by using a firstair interface and connects to the base station via an access device byusing a second air interface to access the core network. Therefore, thecommunications system that the method 100 applies to is a systemsupporting data offloading transmission, and the UE may connect to thebase station by using the two air interfaces at the same time. Such acommunications system may include but is not limited to: an LTE-Hiarchitecture, an LTE-WiFi architecture, a WCDMA-WiFi architecture, andthe like.

As shown in FIG. 1, the method 100 includes:

in S110, acquiring an input parameter, where the input parameterincludes a time-varying parameter and/or a parameter related to aserving cell of the access device;

in S120, calculating an access stratum root key KeNB* on the second airinterface according to the input parameter and an access stratum rootkey KeNB on the first air interface, where the KeNB* is also calculatedby the UE according to the input parameter and the KeNB; and

in S130, sending the KeNB* to the access device so that the accessdevice generates an access stratum key on the second air interfaceaccording to the KeNB*, where the access stratum key on the second airinterface is also generated by the UE according to the KeNB*.

The method 100 is performed by the base station. According to the priorart, the base station and the UE may save the KeNB on the first airinterface. In this embodiment of the present invention, the accessdevice connected to the second air interface and the UE need to have thesame KeNB*, where the KeNB* is used as a root key for deriving the ASkey on the second air interface so that the access device and the UE maygenerate the same AS key on the second air interface. It should be notedthat, in this specification, the base station may also be called a firstnetwork-side device and the access device may also be called a secondnetwork-side device.

The base station may acquire the KeNB* by using the input parameter andthe KeNB. The UE may also acquire the KeNB* by using the input parameterand the KeNB. When the base station sends the KeNB* to the access deviceconnected to the second air interface, the UE and the access deviceconnected to the second air interface have the same KeNB* so as togenerate, based on the same root key, the AS key on the second airinterface.

The input parameter required for generating the KeNB* may include thetime-varying parameter and/or the parameter related to the serving cellof the access device. In this way, different embodiments may havedifferent manners for flexibly calculating the KeNB*. The time-varyingparameter is a parameter varying along the time, may be a value of aspecific counter, may be a random number generated randomly, or may beanother parameter that a person skilled in the art may think of and thatuses the time as an argument. The parameter related to the serving cellof the access device may include but is not limited to a cell identifierof the serving cell of the access device and/or a central frequency ofthe serving cell of the access device. The parameter related to theserving cell of the access device may also be another physical parameterthat a person skilled in the art may think of and the serving cell ofthe access device has.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a PDCP (Packet Data Convergence Protocol, PacketData Convergence Protocol) COUNT (count) value of a bearer of the UE onthe first air interface. The PDCP COUNT value is a count value thatalready exists in the prior art. The count value progressively increaseswith sending and receiving of a data packet on a corresponding bearer.In this way, the base station and the UE may conveniently acquire thetime-varying parameter by specifying the PDCP COUNT value of a bearer onthe base station and the UE instead of by exchanging a message, whichmay save network resources.

For example, the PDCP COUNT value may be a PDCP COUNT value of a bearercorresponding to a configuration message. According to one embodiment ofthe present invention, the configuration message may be a configurationmessage used for the base station to configure the second air interface.Only a few configuration messages used for the base station to configurethe second air interface are sent. Therefore, such a case occursdifficultly that the PDCP COUNT value of the bearer corresponding to theconfiguration message is re-counted because the count value reaches themaximum value so that the PDCP COUNT value used for calculating theKeNB* is different each time, thereby helping ensure that the KeNB*calculated for the UE is different. In other embodiments, theconfiguration message may also be a configuration message used for thebase station to configure another air interface or channel. In addition,the PDCP COUNT value may also be a PDCP COUNT value of a bearercorresponding to a service of the UE on the first air interface, forexample, a file download service and the like.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a random number generated by the base station. Inthis case, the base station acquires the input parameter according tothe random number generated by itself. To enable the UE to also acquirethe input parameter, the base station needs to send the random numbergenerated by itself to the UE. For example, the base station may sendthe configuration message used for configuring the second air interfaceto the UE, where the configuration message carries the random numbergenerated by the base station. In this way, carrying the random numberin the configuration message may prevent an increase in network overheaddue to use of a new message to transmit the random number and ensurethat transmission of the random number does not affect an existingmessage sending sequence. The UE and the base station may generate thesame KeNB* by using the same input parameter.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a random number generated by the UE. In this case,the UE acquires the input parameter according to the random numbergenerated by itself. To enable the base station to also acquire theinput parameter, the UE needs to send the random number generated byitself to the base station. For example, the base station may receive,from the UE, a configuration completion message in response to theconfiguration message used for configuring the second air interface,where the configuration completion message carries the random numbergenerated by the UE. In this way, carrying the random number in theconfiguration completion message may prevent an increase in networkoverhead due to use of a new message to transmit the random number andensure that transmission of the random number does not affect theexisting message sending sequence.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a first random number generated by the basestation and a second random number generated by the UE. To enable thebase station and the UE to have the same input parameter for generatingthe same KeNB*, the base station needs to send the first random numberto the UE, for example, by using the configuration message used forconfiguring the second air interface, and the UE needs to send thesecond random number to the base station, for example, by using theconfiguration completion message in response to the configurationmessage. Generation of the KeNB* by using the random numbers separatelygenerated by the base station and the UE has higher security thangeneration of the KeNB* by using only the random number generated by thebase station or the UE.

According to one embodiment of the present invention, when the inputparameter includes the parameter related to the serving cell of theaccess device, the parameter related to the serving cell of the accessdevice may include at least one of the following items: the cellidentifier of the serving cell of the access device and the centralfrequency of the serving cell of the access device. Use of relevantparameters of different cells helps ensure that the derived KeNB* isdifferent for different cells.

After calculating the KeNB*, the base station sends it to the accessdevice. In this way, the access device and the UE may further derive theaccess stratum key on the second air interface according to the sameroot key KeNB*, thereby introducing the access stratum key on the secondair interface to help perform secure transmission. Therefore, when theaccess stratum key is used for data transmission over the second airinterface, security of data transmission over the second air interfacemay be improved and security of data transmitted between the accessdevice and the user equipment is ensured.

FIG. 1 describes the method 100 for generating an access stratum key ona base station side. The following describes a method 200 for generatingan access stratum key on an access device side according to anembodiment of the present invention with reference to FIG. 2 and amethod 300 for generating an access stratum key on a UE side accordingto an embodiment of the present invention with reference to FIG. 3. Boththe method 200 and the method 300 correspond to the method 100.Therefore, for specific descriptions of the method 200 and the method300, reference may be made to the corresponding parts of the method 100,and details are not described herein again to avoid repetition. Both themethod 200 and the method 300 apply to the following communicationssystem: a UE accesses a core network via a base station by using a firstair interface and connects to the base station via an access device byusing a second air interface to access the core network.

As shown in FIG. 2, the method 200 includes:

in S210, receiving an access stratum root key KeNB* on the second airinterface from the base station, where the KeNB* is calculated by thebase station according to an acquired input parameter and an accessstratum root key KeNB on the first air interface, the KeNB* is alsocalculated by the UE according to the input parameter and the KeNB, andthe input parameter includes a time-varying parameter and/or a parameterrelated to a serving cell of the access device; and

in S220, generating an access stratum key on the second air interfaceaccording to the KeNB*, where the access stratum key on the second airinterface is also generated by the UE according to the KeNB*.

The method 200 is performed by the access device connected to the secondair interface. The access device may have the same access stratum rootkey on the second air interface as the UE by acquiring the KeNB* fromthe base station, so that the access stratum key on the second airinterface may be derived according to the same root key, therebyintroducing the same key that helps perform secure transmission for thesecond air interface. Therefore, when the access stratum key is used fordata transmission over the second air interface, security of datatransmission over the second air interface may be improved and securityof data transmitted between the access device and the user equipment isensured.

As shown in FIG. 3, the method 300 includes:

in S310, acquiring an input parameter, where the input parameterincludes a time-varying parameter and/or a parameter related to aserving cell of the access device;

in S320, calculating an access stratum root key KeNB* on the second airinterface according to the input parameter and an access stratum rootkey KeNB on the first air interface, where the KeNB* is also calculatedby the base station according to the input parameter and the KeNB and issent to the access device; and

in S330, generating an access stratum key on the second air interfaceaccording to the KeNB*, where the access stratum key on the second airinterface is also generated by the access device according to the KeNB*.

The method 300 is performed by the user equipment. The user equipmentmay acquire the KeNB* by using the input parameter and the KeNB, and theaccess device may acquire the same KeNB* from the base station. In thisway, the user equipment and the access device may derive the same accessstratum key on the second air interface according to the same KeNB*,thereby introducing the same key for the second air interface to helpperform secure data transmission.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a PDCP COUNT value of a bearer of the UE on thefirst air interface. In this way, the base station and the UE mayconveniently acquire the time-varying parameter by specifying the PDCPCOUNT value of a bearer to calculate the KeNB* instead of by exchanginga message, which may save network resources. For example, the PDCP COUNTvalue may be a PDCP COUNT value of a bearer corresponding to aconfiguration message used for the base station to configure the secondair interface.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a random number generated by the base station. Inthis way, the UE needs to receive the random number from the basestation to generate the same KeNB* as the base station. For example, theUE may receive the configuration message used for configuring the secondair interface from the base station, where the configuration messagecarries the random number generated by the base station. In this way,carrying the random number in the configuration message may prevent anincrease in network overhead due to use of a new message to transmit therandom number and ensure that transmission of the random number does notaffect an existing message sending sequence.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a random number generated by the UE. In this case,the UE needs to send the random number generated by itself to the basestation so that the base station uses the same input parameter togenerate the same KeNB* as the UE. For example, the UE may send aconfiguration completion message in response to the configurationmessage used for configuring the second air interface to the basestation, where the configuration completion message carries the randomnumber generated by the UE. In this way, carrying the random number inthe configuration completion message may prevent an increase in networkoverhead due to use of a new message to transmit the random number andensure that transmission of the random number does not affect theexisting message sending sequence.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a first random number generated by the basestation and a second random number generated by the UE. To enable thebase station and the UE to have the same input parameter for generatingthe same KeNB*, the base station needs to send the first random numberto the UE, for example, by using the configuration message used forconfiguring the second air interface, and the UE needs to send thesecond random number to the base station, for example, by using theconfiguration completion message in response to the configurationmessage. Generation of the KeNB* by using the random numbers separatelygenerated by the base station and the UE has higher security thangeneration of the KeNB* by using only the random number generated by thebase station or the UE.

According to one embodiment of the present invention, when the inputparameter includes the parameter related to the serving cell of theaccess device, the parameter related to the serving cell of the accessdevice may include at least one of the following items: a cellidentifier of the serving cell of the access device and a centralfrequency of the serving cell of the access device. Use of relevantparameters of different cells helps ensure that the derived KeNB* isdifferent for different cells.

According to the method for generating an access stratum key in thisembodiment of the present invention, the user equipment and the accessdevice may use the same root key KeNB* to generate the same accessstratum key on the second air interface. Therefore, when the accessstratum key is used for data transmission over the second air interface,security of data transmission over the second air interface may beimproved and security of data transmitted between the access device andthe user equipment is ensured.

The following describes specific implementation of the method 100 to themethod 300 with reference to specific examples. A first example and asecond example are merely used to help understand the technicalsolutions provided by the present invention and do not pose anylimitation on the protection scope of the present invention. Before thefirst example and the second example are described, an example of acommunications system that a method for generating an access stratum keyapplies to is described with reference to FIG. 4. FIG. 4 illustrates anLTE-Hi architecture. In the architecture, a Uu air interface is thefirst air interface, a Uu′ air interface is the second air interface,and an LTE-Hi AP as an access device of the Uu′ air interface connectsto an eNB to enable a UE to access a core network. The architecture alsoaims to help better understand the technical solutions provided by thepresent invention and does not pose any limitation on the protectionscope of the present invention.

In the LTE-Hi architecture illustrated in FIG. 4, the UE may access theeNB by using the Uu air interface and then connect to an MME (MobilityManagement Entity, mobility management entity). If the UE is locatedwithin a coverage area of a serving cell of an LTE-Hi AP 1, the UE mayalso access the LTE-Hi AP 1 by using the Uu′ air interface, the LTE-HiAP 1 is converged into an LTE-Hi GW (gateway, gateway) and the LTE-Hi GWconnects to the eNB, so as to connect the UE to the MME. The LTE-Hi GWin FIG. 4 may converge signals of the LTE-Hi AP 1 and an LTE-Hi AP 2. S1connections with various LTE-Hi APs may be converged by the LTE-Hi GW,thereby reducing the number of S1 connections and implementing Hiresource management and control.

In addition to connecting to an LTE core network by using the eNB andthe LTE-Hi AP (including the LTE-Hi AP 1 or the LTE-Hi AP 2 in FIG. 4),the UE may also connect to an operator's IP service network and anInternet via an S/P GW by using the eNB and the LTE-Hi AP or connect tothe Internet and an intranet via an L-GW by using the LTE-Hi AP.

In the LTE-Hi architecture illustrated in FIG. 4, the UE connected tothe eNB and the LTE-Hi AP 1, the LTE-Hi AP 1, and the eNB may have acontrol plane protocol stack illustrated in FIG. 5. The LTE-Hi AP 1accesses the eNB by using an enhanced S1 interface, that is, an S1′interface. In addition, the UE, the LTE-Hi AP 1, and the eNB may have adata plane protocol stack illustrated in FIG. 6. Protocols illustratedin the protocol stack are the same as those in the prior art and are notdescribed herein again. According to an illustrated protocol stackexample, the UE may access the core network via the eNB by using thefirst air interface Uu air interface and connect to the eNB via theLTE-Hi AP 1 by using the second air interface Uu′ air interface toaccess the core network.

In the LTE-Hi architecture illustrated in FIG. 4, an access stratum keymay be generated between the UE and the LTE-Hi AP 1 by using theforegoing method, so that secure data transmission may be performedbetween the UE and the LTE-Hi AP 1. For brief descriptions, the LTE-HiAP 1 that the UE connects to is called an LTE-Hi node for short in thefollowing first and second examples. In addition, a third example and afourth example in the following are also described based on the LTE-Hiarchitecture in FIG. 4, and the LTE-Hi AP 1 that the UE connects to isalso called the LTE-Hi node for short.

First Example

A UE accesses a network by using an eNB. For an offloading need, the eNBestablishes a Hi branch for a Uu′ air interface. The Hi branch refers toa radio link between the UE and an LTE-Hi node.

The eNB configures the Uu′ air interface for the UE by using aconnection reconfiguration method. The UE sets up an RRC (Radio ResourceConnection, radio resource connection) with the LTE-Hi node according toa configuration message and then locally derives a KeNB* used as anaccess stratum root key on the Uu′ air interface. The eNB may derive theKeNB* according to the same logic and send the derived KeNB* to theLTE-Hi node.

As service volume changes, the eNB may release the Hi branch used foroffloading. When the Hi branch is subsequently re-added for offloading,multiple access stratum root keys derivderived by the eNB duringestablishment of the Hi branch need to be different. Therefore, a keyderivation input of the Hi branch may include a time-varying parameter.The time-varying parameter may be a PDCP COUNT value of a bearer, whichis synchronized by the eNB and UE, for example, the PDCP COUNT value ofa bearer for sending RRC signaling, or may be another time-varyingparameter calculated based on the PDCP COUNT value.

In the UE and the eNB, the following expression may be used to calculatethe KeNB*:KeNB*=KDF(KeNB,PCI,DL EARFCN,PDCP COUNT)

where, the KDF is a key generation function; the KeNB is an accessstratum root key on a Uu air interface or a key acquired according tothis root key; the PDCP COUNT value may be a PDCP COUNT valuecorresponding to the bearer involved in the configuration message forconfiguring the Hi branch; the PCI (Physical Cell Identity, physicalcell identity) is a cell identifier of an LTE-Hi cell covered by theLTE-Hi node; the DL EARFCN (DownLink E-UTRA Absolute Radio FrequencyChannel Number, downlink E-UTRA absolute radio frequency channel number)indicates a central frequency of the LTE-Hi cell. This expression ismerely an example and does not pose any limitation on how to acquire theKeNB*.

After acquiring the KeNB*, the LTE-Hi node may activate access stratumsecurity protection on the Uu′ air interface by means of an AS SMC(Access Stratum Security Mode Command, access stratum security modecommand) process. The activation process may be the same as a process ofactivating access stratum security protection on the Uu air interface inthe prior art except that a parameter involved in the process is aparameter on the Uu′ air interface instead of a parameter on the Uu airinterface. In addition, a manner of deriving a cipher key or anintegrity protection key on the Uu′ air interface is the same as amanner of deriving a cipher key and an integrity protection key of anLTE access stratum, and is not described herein again.

Second Example

A difference between the second example illustrated in FIG. 7 and thefirst example mainly lies in a KeNB* acquisition manner. A KeNB* iscalculated according to a random number in the second example but iscalculated according to the PDCP COUNT value in the first example.

In the second example, the random number is introduced to distinguishdifferent keys derivderived by an eNB at different time:KeNB*=KDF(KeNB,PCI,DL EARFCN,nonce1,nonce2)

where, the KeNB* is an access stratum root key on a Uu′ air interface;the KDF is a key generation function; the KeNB is an access stratum rootkey on a Uu air interface; the PCI is a cell identifier of an LTE-Hicell covered by an LTE-Hi node; the DL EARFCN indicates a centralfrequency of the LTE-Hi cell; the nonce1 is a random number generated bythe eNB; the nonce2 is a random number generated by a UE. It should benoted that, although both the nonce1 and the nonce2 are used in theforegoing KeNB* derivation manner, the nonce1 or the nonce2 may be usedindependently as long as the random number is used when the KeNB* isderived. When both the nonce1 and the nonce2 are used to derive theKeNB*, better security may be provided. In addition, this expression ismerely an example and does not pose any limitation on how to acquire theKeNB*. For example, when the KeNB* is derived, only the PCI or the DLEARFCN may be used, or neither of them is used.

In S705, the UE performs data transmission with the eNB by using the Uuair interface. Data communicated between the UE and a core network, apacket network or the like is forwarded between the eNB and an MME/SGW(Serving Gateway, serving gateway)/PGW (Packet Data Network Gateway,packet data network gateway).

As shown in FIG. 7, three data channels are set up between the UE andthe MME/SGW/PGW, that is, E-RAB (E-UTRAN Radio Access Bearer, E-UTRANradio access bearer)=0, E-RAB=1, and E-RAB=2. E-RAB=0 includes radiobearer (Radio Bearer, RB)=0 between the UE and the eNB and an S1 bearerbetween the eNB and the MME/SGW/PGW; E-RAB=1 includes RB=1 between theUE and the eNB and the S1 bearer between the eNB and the MME/SGW/PGW;E-RAB=2 includes RB=2 between the UE and the eNB and the S1 bearerbetween the eNB and the MME/SGW/PGW.

In S710, the UE performs LTE-Hi AP measurement.

In S715, the UE sends a measurement report to the eNB, where themeasurement report contains a CGI (Cell Global Identity, cell globalidentity) list found by the UE for LTE-Hi APs.

In S720, the eNB selects, according to the measurement report, an LTE-HiAP from LTE-Hi APs reported by the UE to serve the eNB. In this example,assume that the eNB selects the LTE-Hi AP 1 in the architectureillustrated in FIG. 4, which is called the LTE-Hi node for short.

In S725, the eNB sends an RRC connection reconfiguration(RRCConnectionReconfiguration) message to the UE, where the messagecarries the CGI of the LTE-Hi AP selected by the eNB. If the randomnumber nonce1 generated by the eNB needs to be used to derivderive theKeNB*, the nonce1 is also carried in the RRC connection reconfigurationmessage.

In S730, the UE calculates the KeNB* and derivderives an access stratumkey on the Uu′ air interface according to the KeNB*. As described in theexpression in the second example, the KeNB* may be calculated by usingthe nonce1, by using the nonce2, or by using both the nonce1 and thenonce2. When the nonce2 needs to be used for calculation of the KeNB*,the UE generates the random number nonce2 randomly.

In S735, the UE sends an RRC connection request (RRCConnectionRequest)message to the LTE-Hi node according to the LTE-Hi node selected by theeNB.

In S740, the LTE-Hi node sends an RRC connection setup(RRCConnectionSetup) message to the UE.

In S745, the UE sends an RRC connection setup completion(RRCConnectionSetupComplete) message to the LTE-Hi node.

In S750, the UE accesses the LTE-Hi cell served by the LTE-Hi node andsends an RRC connection reconfiguration completion(RRCConnectionReconfigurationComlpete) message to the eNB. When thenonce2 needs to be used to derivderive the KeNB*, in addition to aC-RNTI (Cell-Radio Network Temporary Identifier, cell-radio networktemporary identifier) allocated by the LTE-Hi node which needs to becarried by this message in the prior art, this message also needs tocarry the nonce2.

In S755, the eNB calculates the KeNB*. When the nonce2 randomlygenerated by the UE needs to be used for calculation of the KeNB*, theeNB needs to calculate the KeNB* after receiving the nonce2 in S750.When only the nonce1 instead of the nonce2 is required for thecalculation of the KeNB*, the eNB may also calculate the KeNB* after thenonce1 is generated.

In S760, the eNB sends a UE context to the LTE-Hi node, where the UEcontext needs to include the KeNB* and a UE security capability. TheKeNB* is used by the LTE-Hi node to derivderive the access stratum keyand the UE security capability is used by the LTE-Hi node to perform ASSMC negotiation with the UE.

In S765, the LTE-Hi node triggers an AS SMC process to negotiate a Uu′security algorithm with the UE and activates AS security protection. TheAS SMC process performed by the LTE-Hi node and the UE may be the sameas an AS SMC process performed on the Uu air interface in the prior artand is not described herein again. After that, integrity and cipheringprotection may be performed on all messages on the Uu′ air interfaceaccording to Krrcint and Krrcenc derivderived from the KeNB*, andciphering protection may be performed for user plane data according toKupenc. A method for derivderiving an integrity protection key and acipher key of RRC signaling, and a cipher key of the user plane data isthe same as a method for derivderiving an LTE AS key.

In S770, the eNB sends an E-RAB setup request message to the LTE-Hinode, where the message carries an E-RAB list to be set and the C-RNTIof the UE. Assume that E-RAB=2 is to be set.

In S775, the LTE-Hi node sends the RRC connection reconfigurationmessage to the UE, where the message carries E-RAB=2 and RB=3.

In S780, the UE returns the RRC connection reconfiguration completionmessage to the LTE-Hi node.

In S785, the LTE-Hi node returns an E-RAB setup response message to theeNB, where the message carries an E-RAB setup list including RB=3.

In S790, the eNB sends the RRC connection reconfiguration message to theUE, requesting the UE to release RB=2.

In S795, the UE returns the RRC connection reconfiguration completionmessage to the eNB.

In this way, the three data channels E-RAB=0, E-RAB=1 and E-RAB=2 areset up between the UE and the MME/SGW/PGW upon configuration of the Hibranch by the eNB. E-RAB=0 and E-RAB=1 are the same as initial E-RAB=0and E-RAB=1. E-RAB=2 after reconfiguration includes RB=3 between the UEand the LTE-Hi node, an S1′ bearer between the LTE-Hi node and the eNB,and the S1 bearer between the eNB and the MME/SGW/PGW.

The following describes another method 800 for generating an accessstratum key in a communications system according to an embodiment of thepresent invention with reference to FIG. 8. In the communicationssystem, a UE accesses a core network via a base station by using a firstair interface and connects to the base station via an access device byusing a second air interface to access the core network. Therefore, thecommunications system that the method 800 applies to is a systemsupporting data offloading transmission, and the UE may connect to thebase station by using the two air interfaces at the same time. Such acommunications system may include but is not limited to: an LTE-Hiarchitecture, an LTE-WiFi architecture, a WCDMA-WiFi architecture, andthe like.

As shown in FIG. 8, the method 800 includes:

in S810, acquiring an access stratum root key KeNB on the first airinterface; and

in S820, sending the KeNB to the access device so that the access devicecalculates an access stratum root key KeNB* on the second air interfaceaccording to an acquired input parameter and the KeNB and generates anaccess stratum key on the second air interface according to the KeNB*,where the KeNB* is also calculated by the UE according to the inputparameter and the KeNB, the access stratum key on the second airinterface is also generated by the UE according to the KeNB*, and theinput parameter includes a time-varying parameter and/or a parameterrelated to a serving cell of the access device.

The method 800 is performed by the base station. According to the priorart, the base station and the UE save the KeNB on the first airinterface. In this embodiment of the present invention, the base stationsends the saved KeNB to the access device. In this way, the accessdevice may generate the KeNB* according to the input parameter and theKeNB. The UE also has the same input parameter and therefore the UE mayalso generate the KeNB* according to the KeNB saved in the UE. In thisway, the access device and the UE may derivderive the same accessstratum key on the second air interface according to the same root keyKeNB*.

As a result, the access stratum key may be introduced on the second airinterface to help perform secure transmission. Therefore, when theaccess stratum key is used for data transmission over the second airinterface, security of data transmission over the second air interfacemay be improved and security of data transmitted between the accessdevice and the user equipment is ensured.

FIG. 8 describes the method 800 for generating an access stratum key ona base station side. The following describes a method 900 for generatingan access stratum key on an access device side according to anembodiment of the present invention with reference to FIG. 9 and amethod 1000 for generating an access stratum key on a UE side accordingto an embodiment of the present invention with reference to FIG. 10.Both the method 900 and the method 1000 correspond to the method 800.Therefore, for specific descriptions of the method 900 and the method1000, reference may be made to the corresponding parts of the method800, and details are not described herein again to avoid repetition.Both the method 900 and the method 1000 apply to the followingcommunications system: a UE accesses a core network via a base stationby using a first air interface and connects to the base station via anaccess device by using a second air interface to access the corenetwork.

As shown in FIG. 9, the method 900 includes:

in S910, acquiring an input parameter, where the input parameterincludes a time-varying parameter and/or a parameter related to aserving cell of the access device;

in S920, receiving an access stratum root key KeNB on the first airinterface from the base station;

in S930, calculating an access stratum root key KeNB* on the second airinterface according to the input parameter and the KeNB, where the KeNB*is also calculated by the UE according to the input parameter and theKeNB; and

in S940, generating an access stratum key on the second air interfaceaccording to the KeNB*, where the access stratum key on the second airinterface is also generated by the UE according to the KeNB*.

The method 900 is performed by the access device. The access device maygenerate the access stratum root key KeNB* on the second air interfaceby using the acquired input parameter and the KeNB received from thebase station. The UE may also generate the same KeNB* by using theacquired input parameter and the KeNB saved in the UE. In this way, boththe access device and the UE may have the same root key KeNB* and mayderivderive the same access stratum key on the second air interface byusing the KeNB*, thereby enhancing security of data transmission overthe second air interface.

Although S910 is performed before S920 in the method 900, S910 may alsobe performed after S920 or may be performed simultaneously with S920 aslong as they are performed before S930.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a random number generated by the access device. Inthis case, the access device acquires the input parameter according tothe random number generated by itself. To enable the UE to also acquirethe input parameter, the access device needs to send the random numbergenerated by itself to the UE. For example, the access device may send asecurity mode command message to the UE, where the security mode commandmessage carries the random number generated by the access device. Inthis way, carrying the random number in the security mode commandmessage may prevent an increase in network overhead due to use of a newmessage to transmit the random number and ensure that transmission ofthe random number does not affect an existing message sending sequence.The UE and the access device may generate the same KeNB* by using thesame input parameter and the KeNB.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a random number generated by the UE. In this case,the UE acquires the input parameter according to the random numbergenerated by itself. To enable the access device to also acquire theinput parameter, the UE needs to send the random number generated byitself to the access device. For example, the access device may receivea setup completion message used to indicate that a radio link issuccessfully set up on the second air interface from the UE, where thesetup completion message carries the random number generated by the UE.In this way, carrying the random number in the setup completion messagemay prevent an increase in network overhead due to use of a new messageto transmit the random number and ensure that transmission of the randomnumber does not affect the existing message sending sequence.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a first random number generated by the accessdevice and a second random number generated by the UE. To enable theaccess device and the UE to have the same input parameter for generatingthe same KeNB*, the access device needs to send the first random numberto the UE, for example, by using the security mode command message, andthe UE needs to send the second random number to the base station, forexample, by using the setup completion message used to indicate that theradio link is successfully set up on the second air interface.Generation of the KeNB* by using the random numbers separately generatedby the access device and the UE has higher security than generation ofthe KeNB* by using only the random number generated by the access deviceor the UE.

According to one embodiment of the present invention, when the inputparameter includes the parameter related to the serving cell of theaccess device, the parameter related to the serving cell of the accessdevice may include at least one of the following items: a cellidentifier of the serving cell of the access device and a centralfrequency of the serving cell of the access device. Use of relevantparameters of different cells helps ensure that the derivderived KeNB*is different for different cells.

According to the method for generating an access stratum key in thisembodiment of the present invention, the user equipment and the accessdevice may use the same input parameter and the KeNB to generate thesame root key KeNB*, so that the same access stratum key on the secondair interface may be derivderived based on the KeNB*. Therefore, whenthe access stratum key is used for data transmission over the second airinterface, security of data transmission over the second air interfacemay be improved and security of data transmitted between the accessdevice and the user equipment is ensured.

As shown in FIG. 10, the method 1000 includes:

in S1010, acquiring an input parameter, where the input parameterincludes a time-varying parameter and/or a parameter related to aserving cell of the access device;

in S1020, calculating an access stratum root key KeNB* on the second airinterface according to the input parameter and an access stratum rootkey KeNB on the first air interface, where the KeNB* is also calculatedby the access device according to the input parameter and the KeNBreceived from the base station; and

in S1030, generating an access stratum key on the second air interfaceaccording to the KeNB*, where the access stratum key on the second airinterface is also generated by the access device according to the KeNB*.

The method 1000 is performed by the user equipment. The user equipmentmay generate the access stratum root key KeNB* on the second airinterface by using the acquired input parameter and the KeNB known byitself. The access device may also generate the same KeNB* by using theacquired input parameter and the KeNB received from the base station. Inthis way, both the user equipment and the access device may have thesame root key KeNB* and may derivderive the same access stratum key onthe second air interface by using the KeNB*, thereby enhancing securityof data transmission over the second air interface.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a random number generated by the access device. Inthis case, the UE needs to receive the random number generated by theaccess device from the access device. For example, the UE may receive asecurity mode command message from the access device, where the securitymode command message carries the random number generated by the accessdevice. In this way, carrying the random number in the security modecommand message may prevent an increase in network overhead due to useof a new message to transmit the random number and ensure thattransmission of the random number does not affect an existing messagesending sequence. The UE and the access device may generate the sameKeNB* by using the same input parameter and the KeNB, therebyderivderiving the same access stratum key.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a random number generated by the UE. In this case,the UE needs to send the random number to the access device so that theaccess device may generate the same KeNB* as the UE. For example, the UEmay send a setup completion message used to indicate that a radio linkis successfully set up on the second air interface to the access device,where the setup completion message carries the random number generatedby the UE. In this way, carrying the random number in the setupcompletion message may prevent an increase in network overhead due touse of a new message to transmit the random number and ensure thattransmission of the random number does not affect the existing messagesending sequence.

According to one embodiment of the present invention, when the inputparameter includes the time-varying parameter, the time-varyingparameter may include a first random number generated by the accessdevice and a second random number generated by the UE. To enable theaccess device and the UE to have the same input parameter for generatingthe same KeNB*, the access device needs to send the first random numberto the UE, for example, by using the security mode command message, andthe UE needs to send the second random number to the access device, forexample, by using the setup completion message used to indicate that theradio link is successfully set up on the second air interface.Generation of the KeNB* by using the random numbers separately generatedby the access device and the UE has higher security than generation ofthe KeNB* by using only the random number generated by the access deviceor the UE.

According to one embodiment of the present invention, when the inputparameter includes the parameter related to the serving cell of theaccess device, the parameter related to the serving cell of the accessdevice may include at least one of the following items: a cellidentifier of the serving cell of the access device and a centralfrequency of the serving cell of the access device. Use of relevantparameters of different cells helps ensure that the derivderived KeNB*is different for different cells.

According to the method for generating an access stratum key in thisembodiment of the present invention, the user equipment and the accessdevice may use the same input parameter and the KeNB to generate thesame root key KeNB*, so that the same access stratum key on the secondair interface may be derivderived based on the KeNB*. Therefore, whenthe access stratum key is used for data transmission over the second airinterface, security of data transmission over the second air interfacemay be improved and security of data transmitted between the accessdevice and the user equipment is ensured.

The following describes specific implementation of the method 800 to themethod 1000 with reference to a specific example. A third example ismerely used to help understand the technical solutions provided by thepresent invention and does not pose any limitation on the protectionscope of the present invention. The third example is also implemented inthe LTE-Hi architecture illustrated in FIG. 4, and the LTE-Hi AP 1 isalso called an LTE-Hi node.

Third Example

A difference between the third example illustrated in FIG. 11 and thesecond example mainly lies in a KeNB* calculation entity. A KeNB* iscalculated by the LTE-Hi node and a UE in the third example but iscalculated by an eNB and the UE in the second example.

In the third example, the LTE-Hi node and the UE may derivderive anaccess stratum root key KeNB* on a Uu′ air interface according to thefollowing expression:KeNB*=KDF(KeNB,PCI,DL EARFCN,nonce3,nonce4)

where, the KDF is a key generation function; the KeNB is an accessstratum root key on a Uu air interface; the PCI is a cell identifier ofan LTE-Hi cell covered by the LTE-Hi node; the DL EARFCN indicates acentral frequency of the LTE-Hi cell; the nonce3 is a random numberrandomly generated by the LTE-Hi node; the nonce4 is a random numberrandomly generated by the UE. It should be noted that, although both thenonce3 and the nonce4 are used in the foregoing KeNB* derivation manner,the nonce3 or the nonce4 may be used independently as long as the randomnumber is used when the KeNB* is derived. When both the nonce3 and thenonce4 are used to derive the KeNB*, better security may be provided andkey values derived at different time are different. Moreover, the nonce3and the nonce4 have an anti-replay function. In addition, thisexpression is merely an example and does not pose any limitation on howto acquire the KeNB*. For example, the LTE-Hi node may use only the PCIor the DL EARFCN or may use neither of them when deriving the KeNB*.When only one Hi cell is available under the LTE-Hi node, the PCI andthe DL EARFCN may not be used.

In S1105, the UE performs data transmission with the eNB by using the Uuair interface, and data communicated between the UE and a core network,a packet network or the like is forwarded between the eNB and anMME/SGW/PGW.

As shown in FIG. 11, three data channels are set up between the UE andthe MME/SGW/PGW, that is, E-RAB=0, E-RAB=1 and E-RAB=2. E-RAB=0 includesRB=0 between the UE and the eNB and an S1 bearer between the eNB and theMME/SGW/PGW; E-RAB=1 includes RB=1 between the UE and the eNB and the S1bearer between the eNB and the MME/SGW/PGW; E-RAB=2 includes RB=2between the UE and the eNB and the S1 bearer between the eNB and theMME/SGW/PGW.

In S1110, the UE performs LTE-Hi AP measurement.

In S1115, the UE sends a measurement report to the eNB, where themeasurement report includes a CGI list found by the UE for LTE-Hi APs.

In S1120, the eNB selects, according to the measurement report, anLTE-Hi AP from LTE-Hi APs reported by the UE to serve the eNB. In thisexample, assume that the eNB selects the LTE-Hi AP 1 in the architectureillustrated in FIG. 4, which is called the LTE-Hi node for short.

In S1125, the eNB sends an RRC connection reconfiguration message to theUE, where the message carries a CGI of the LTE-Hi AP selected by theeNB.

In S1130, the UE sends an RRC connection request message to the LTE-Hinode.

In S1135, the LTE-Hi node sends an RRC connection setup message to theUE.

In S1140, the LTE-Hi node sends an RRC connection setup completionmessage to the UE, where the message carries the random number nonce4generated by the UE.

In S1145, the UE sends an RRC connection reconfiguration completionmessage to the eNB, where the message carries a C-RNTI allocated by theLTE-Hi node.

In S1150, the eNB sends a UE context to the LTE-Hi node, where the UEcontext includes the KeNB and a UE security capability.

In S1155, the LTE-Hi node generates the random number nonce3, calculatesthe KeNB* according to the received nonce4 and the randomly generatednonce3, and calculates an access stratum key according to the KeNB*.

In S1160, the LTE-Hi node sends a security mode command to the UE, wherethe command carries the nonce3.

In S1165, the UE calculates the KeNB* according to the nonce4 and thenonce3, and calculates the access stratum root key according to theKeNB*.

In S1170, the UE returns a security mode completion message to theLTE-Hi node. After that, ciphering and integrity protection areperformed on all RRC messages transmitted between the UE and the LTE-Hinode, by using Krrcint and Krrcenc derived from the KeNB*, and/orciphering protection is performed for all user plane data by usingKupenc derived from the KeNB*.

In S1175, the eNB sends an E-RAB setup request message to the LTE-Hinode, where the message carries an E-RAB list to be set and the C-RNTIof the UE. Assume that E-RAB=2 is to be set.

In S1180, the LTE-Hi node sends the RRC connection reconfigurationmessage to the UE, where the message carries E-RAB=2 and RB=3.

In S1185, the UE returns the RRC connection reconfiguration completionmessage to the LTE-Hi node.

In S1190, the LTE-Hi node returns an E-RAB setup response message to theeNB, where the message carries an E-RAB setup list including RB=3.

In S1195, the eNB sends the RRC connection reconfiguration message tothe UE, requesting the UE to release RB=2.

In S1198, the UE returns the RRC connection reconfiguration completionmessage to the eNB.

In this way, the three data channels E-RAB=0, E-RAB=1 and E-RAB=2 areset up between the UE and the MME/SGW/PGW upon configuration of a Hibranch by the eNB. E-RAB=0 and E-RAB=1 are the same as initial E-RAB=0and E-RAB=1. E-RAB=2 after reconfiguration includes RB=3 between the UEand the LTE-Hi node, an S1′ bearer between the LTE-Hi node and the eNB,and the S1 bearer between the eNB and the MME/SGW/PGW.

Although the nonce3 and the nonce4 are sent by using the security modecommand message and the RRC connection setup completion messagerespectively in the third example, the nonce3 and the nonce4 may also besent to a peer end by using other messages. In addition, a method forderiving an integrity protection key and a cipher key of RRC signalingand a cipher key of user plane data is the same as a method for derivingan LTE AS key.

The following describes still another method 1200 for generating anaccess stratum key in a communications system according to an embodimentof the present invention with reference to FIG. 12. In thecommunications system, a UE accesses a core network via a base stationby using a first air interface and connects to the base station via anaccess device by using a second air interface to access the corenetwork. Therefore, the communications system that the method 1200applies to is a system supporting data offloading transmission, and theUE may connect to the base station by using the two air interfaces atthe same time. Such a communications system may include but is notlimited to: an LTE-Hi architecture, an LTE-WiFi architecture, aWCDMA-WiFi architecture, and the like.

As shown in FIG. 12, the method 1200 includes:

in S1210, acquiring an access stratum root key KeNB on the first airinterface; and

in S1220, sending the KeNB to the access device so that the accessdevice generates an access stratum key on the second air interfaceaccording to the KeNB, where the access stratum key on the second airinterface is also generated by the UE according to the KeNB.

The method 1200 is performed by the base station. According to the priorart, the base station and the UE save the KeNB on the first airinterface. In this embodiment of the present invention, the KeNB isdirectly used as the access stratum root key KeNB* on the second airinterface. In this way, after receiving the KeNB from the base station,the access device, together with the UE, may use the KeNB as the accessstratum root key on the second air interface and derive the accessstratum key on the second air interface by using the KeNB, therebyintroducing the access stratum key used for secure transmission over thesecond air interface.

During derivation of the access stratum key, the access device and theUE may use a preset derivation algorithm The access device and the UEmay generate the same access stratum key when they have the same rootkey and derivation algorithm, thereby helping implement secure datatransmission.

According to the method for generating an access stratum key in thisembodiment of the present invention, the access device and the UE usethe KeNB as the access stratum root key KeNB* on the second airinterface and may derive the same access stratum key on the second airinterface together. Therefore, when the access stratum key is used fordata transmission over the second air interface, security of datatransmission over the second air interface may be improved and securityof data transmitted between the access device and the user equipment isensured. In addition, directly using the KeNB as the KeNB* featuressimple implementation and low complexity.

FIG. 12 describes the method 1200 for generating an access stratum keyon a base station side. The following describes a method 1300 forgenerating an access stratum key on an access device side according toan embodiment of the present invention with reference to FIG. 13 and amethod 1400 for generating an access stratum key on a UE side accordingto an embodiment of the present invention with reference to FIG. 14.Both the method 1300 and the method 1400 correspond to the method 1200.Therefore, for specific descriptions of the method 1300 and the method1400, reference may be made to the corresponding parts of the method1200, and details are not described herein again to avoid repetition.Both the method 1300 and the method 1400 apply to the followingcommunications system: a UE accesses a core network via a base stationby using a first air interface and connects to the base station via anaccess device by using a second air interface to access the corenetwork.

As shown in FIG. 13, the method 1300 includes:

in S1310, receiving an access stratum root key KeNB on the first airinterface from the base station; and

in S1320, generating an access stratum key on the second air interfaceaccording to the KeNB, where the access stratum key on the second airinterface is also generated by the UE according to the KeNB.

The method 1300 is performed by the access device. By acquiring the KeNBfrom the base station, the access device, together with the UE, may usethe KeNB as an access stratum root key on the second air interface andderive, according to the KeNB, the same access stratum key used on thesecond air interface. This introduces a key used for secure transmissionover the second air interface and solves a problem in the prior artwhere security of transmission over the second air interface cannot beensured.

According to the method for generating an access stratum key in thisembodiment of the present invention, the access device and the UE usethe KeNB as the access stratum root key on the second air interface andmay derive the same access stratum key on the second air interfacetogether. Therefore, when the access stratum key is used for datatransmission over the second air interface, security of datatransmission over the second air interface may be improved and securityof data transmitted between the access device and the user equipment isensured. In addition, directly using the KeNB as the KeNB* featuressimple implementation and low complexity.

As shown in FIG. 14, the method 1400 includes:

in S1410, acquiring an access stratum root key KeNB on the first airinterface; and

in S1420, generating an access stratum key on the second air interfaceaccording to the KeNB, where the access stratum key on the second airinterface is also generated by the access device according to the KeNBreceived from the base station.

The method 1400 is performed by the user equipment. The user equipmentand the access device use the KeNB as an access stratum root key on thesecond air interface and may derive the same access stratum key on thesecond air interface together. Therefore, when the access stratum key isused for data transmission over the second air interface, security ofdata transmission over the second air interface may be improved andsecurity of data transmitted between the access device and the userequipment is ensured. In addition, directly using the KeNB as the KeNB*features simple implementation and low complexity.

The following describes specific implementation of the method 1200 tothe method 1400 with reference to a specific example. A fourth exampleis merely used to help understand the technical solutions provided bythe present invention and does not pose any limitation on the protectionscope of the present invention. The fourth example is also implementedin the LTE-Hi architecture illustrated in FIG. 4, and the LTE-Hi AP 1 isalso called an LTE-Hi node.

Fourth Example

In this example, an access stratum root key KeNB* on a Uu′ air interfaceis the same as an access stratum root key KeNB on a Uu air interface. Inthis way, an eNB sends a UE context including the KeNB to the LTE-Hinode, so that the LTE-Hi node acquires the KeNB and further determinesthe KeNB*.

The LTE-Hi node and the UE negotiate an algorithm according to the KeNBand generate an access stratum key used on the Uu′ air interface. Thealgorithm negotiated by the LTE-Hi node and the UE may be an algorithmpreset in the LTE-Hi node and the UE, an algorithm used on the Uu airinterface, or an algorithm that the LTE-Hi node selects and then sendsto the UE. By directly using the KeNB as the KeNB*, the LTE-Hi node andthe UE may derive a cipher key and an integrity protection key used onthe Uu′ air interface, thereby performing secure data transmission.

The foregoing describes the methods for generating an access stratum keyin a communications system according to the embodiments of the presentinvention. The following describes structural block diagrams ofcorresponding devices according to embodiments of the present inventionwith reference to FIG. 15 to FIG. 18. Because the devices in FIG. 15 toFIG. 18 are configured to implement the methods for generating an accessstratum key according to the embodiments of the present invention, forspecific operations and details of the devices, reference may be made tothe descriptions in the foregoing methods.

FIG. 15 and FIG. 15a are structural diagrams of a network-side device ina communications system according to embodiments of the presentinvention. In the communications system, a user equipment UE accesses acore network via a first network-side device by using a first airinterface and connects to the first network-side device via a secondnetwork-side device by using a second air interface to access the corenetwork. The network-side device may be the first network-side device,for example, a base station. The network-side device may also be thesecond network-side device, for example, an access device.

When the network-side device is the second network-side device, thenetwork-side device includes an acquiring module 1510, a calculatingmodule 1520, and a generating module 1530. The acquiring module 1510 maybe implemented by using an input interface and/or a processor. Thecalculating module 1520 and the generating module 1530 may beimplemented by using the processor. The acquiring module 1510 isconfigured to acquire an input parameter, where the input parameterincludes a time-varying parameter and/or a parameter related to aserving cell of the second network-side device. The calculating module1520 is configured to calculate an access stratum root key KeNB* on thesecond air interface according to the input parameter acquired by theacquiring module 1510 and an access stratum root key KeNB on the firstair interface, or use the KeNB as the access stratum root key KeNB* onthe second air interface. The generating module 1530 is configured togenerate an access stratum key on the second air interface according tothe KeNB* calculated by the calculating module 1520.

For the forgoing and other operations and/or functions of the acquiringmodule 1510, the calculating module 1520, and the generating module1530, reference may be made to the corresponding descriptions in themethods 200, 900 and 1300 and the first to fourth examples, and detailsare not described herein again to avoid repetition.

As shown in FIG. 15a , when the network-side device is the firstnetwork-side device, the network-side device includes the acquiringmodule 1510, the calculating module 1520, and a sending module 1530′.The acquiring module 1510 may be implemented by using the inputinterface and/or the processor. The calculating module 1520 may beimplemented by using the processor. The sending module 1530′ may beimplemented by using an output interface.

When the network-side device is the first network-side device, theacquiring module 1510 is configured to acquire the input parameter,where the input parameter includes the time-varying parameter and/or theparameter related to the serving cell of the second network-side device.The calculating module 1520 is configured to calculate the accessstratum root key KeNB* on the second air interface according to theinput parameter and the access stratum root key KeNB on the first airinterface, or use the KeNB as the access stratum root key KeNB* on thesecond air interface. The sending module 1530′ is configured to send theKeNB* calculated by the calculating module 1520 to the secondnetwork-side device, so that the second network-side device generatesthe access stratum key on the second air interface according to theKeNB*.

For the forgoing and other operations and/or functions of the acquiringmodule 1510, the calculating module 1520, and the sending module 1530′,reference may be made to the corresponding descriptions in the methods100, 800 and 1200 and the first to fourth examples, and details are notdescribed herein again to avoid repetition.

According to the network-side device in the communications system in theembodiments of the present invention, the access device and the UE mayfurther derive the access stratum key on the second air interface byacquiring the same root key KeNB*, thereby introducing the accessstratum key on the second air interface to help perform securetransmission. Therefore, when the access stratum key is used for datatransmission over the second air interface, security of datatransmission over the second air interface may be improved and securityof data transmitted between the access device and the user equipment isensured.

FIG. 16 and FIG. 16a are structural block diagrams of a network-sidedevice in a communications system according to embodiments of thepresent invention. In the communications system, a user equipment UEaccesses a core network via a first network-side device by using a firstair interface and connects to the first network-side device via a secondnetwork-side device by using a second air interface to access the corenetwork. An acquiring module 1610, a calculating module 1620, and agenerating module 1630 or a sending module 1630′ of the network-sidedevice are basically the same as an acquiring module 1510, a calculatingmodule 1520, and a generating module 1530 or a sending module 1530′ of anetwork-side device. As mentioned above, the network-side deviceincludes either the generating module 1630 or the sending module 1630′.When the network-side device is the second network-side device, thenetwork-side device includes the generating module 1630. When thenetwork-side device is the first network-side device, the network-sidedevice includes the sending module 1630′.

According to one embodiment of the present invention, if thenetwork-side device is the second network-side device, the network-sidedevice further includes a receiving module 1640 that is configured toreceive a KeNB from the first network-side device.

According to one embodiment of the present invention, a time-varyingparameter acquired by the acquiring module 1610 may include a PDCP COUNTvalue of a bearer of the UE on the first air interface. For example, thePDCP COUNT value acquired by the acquiring module 1610 may correspond toa configuration message, where the configuration message is aconfiguration message used for configuring the second air interface forthe network-side device. In this way, when the network-side device is abase station, the base station and the UE may conveniently acquire thetime-varying parameter by specifying the PDCP COUNT value of a bearer onthe base station and the UE instead of by exchanging a message, whichmay save network resources.

According to one embodiment of the present invention, the time-varyingparameter acquired by the acquiring module 1610 may include a randomnumber generated by the network-side device and/or a random numbergenerated by the UE. In this case, the acquiring module 1610 isspecifically configured to acquire the random number generated by thenetwork-side device and/or the random number generated by the UE. Thenetwork-side device needs to further include a transmitting module 1650that is configured to send the random number generated by thenetwork-side device to the UE or receive the random number generated bythe UE from the UE.

According to one embodiment of the present invention, the transmittingmodule 1650 may be specifically configured to send the configurationmessage used for configuring the second air interface to the UE, wherethe configuration message carries the random number generated by thenetwork-side device. In this way, carrying the random number in theconfiguration message may prevent an increase in network overhead due touse of a new message to transmit the random number and ensure thattransmission of the random number does not affect an existing messagesending sequence.

According to one embodiment of the present invention, the acquiringmodule 1610 may be specifically configured to receive a setup completionmessage used to indicate that a radio link is successfully set up on thesecond air interface from the UE, where the setup completion messagecarries the random number generated by the UE. In another embodiment,the acquiring module 1610 may be configured to receive a configurationcompletion message in response to the configuration message used forconfiguring the second air interface from the UE, where theconfiguration completion message carries the random number generated bythe UE. In this way, carrying the random number in the setup completionmessage or in the configuration completion message may prevent anincrease in network overhead due to use of a new message to transmit therandom number and ensure that transmission of the random number does notaffect the existing message sending sequence.

In a case that the time-varying parameter includes both a first randomnumber generated by the network-side device and a second random numbergenerated by the UE, when the network-side device is the base station,to enable the base station and the UE to have the same input parameterfor generating the same KeNB*, the base station needs to send the firstrandom number to the UE, for example, by using the configuration messageused for configuring the second air interface, and the UE needs to sendthe second random number to the base station, for example, by using theconfiguration completion message in response to the configurationmessage. Generation of the KeNB* by using the random numbers separatelygenerated by the base station and the UE has higher security thangeneration of the KeNB* by using only the random number generated by thebase station or the UE. When the network-side device is an accessdevice, to enable the access device and the UE to have the same inputparameter for generating the same KeNB*, the access device needs to sendthe first random number to the UE, for example, by using a security modecommand message, and the UE needs to send the second random number tothe access device, for example, by using the setup completion messageused to indicate that the radio link is successfully set up on thesecond air interface. Generation of the KeNB* by using the randomnumbers separately generated by the access device and the UE has highersecurity than generation of the KeNB* by using only the random numbergenerated by the access device or the UE.

According to one embodiment of the present invention, the parameterrelated to the serving cell of the second network-side device mayinclude at least one of the following items: a cell identifier of theserving cell of the second network-side device and a central frequencyof the serving cell of the second network-side device. Use of relevantparameters of different cells helps ensure that the derived KeNB* isdifferent for different cells.

For the forgoing and other operations and/or functions of the receivingmodule 1640 and the transmitting module 1650, reference may be made tothe corresponding descriptions in the methods 100, 200, 800, 900, 1200and 1300 and the first to fourth examples, and details are not describedherein again to avoid repetition.

According to the network-side device in the communications system in theembodiments of the present invention, a key used for secure transmissionmay be introduced for the second air interface by using the same KeNB*to derive an access stratum root key on the second air interface.Therefore, when the access stratum key is used for data transmissionover the second air interface, security of data transmission over thesecond air interface may be improved and security of data transmittedbetween the access device and the user equipment is ensured.

FIG. 17 is a structural block diagram of a user equipment in acommunications system according to an embodiment of the presentinvention. In the communications system, the user equipment accesses acore network via a first network-side device by using a first airinterface and connects to the first network-side device via a secondnetwork-side device by using a second air interface to access the corenetwork.

The user equipment includes an acquiring module 1710, a calculatingmodule 1720, and a generating module 1730. The acquiring module 1710 maybe implemented by using a processor and/or an input interface. Thecalculating module 1720 and the generating module 1730 may beimplemented by using the processor. The acquiring module 1710 isconfigured to acquire an input parameter, where the input parameterincludes a time-varying parameter and/or a parameter related to aserving cell of the second network-side device. The calculating module1720 is configured to calculate an access stratum root key KeNB* on thesecond air interface according to the input parameter acquired by theacquiring module 1710 and an access stratum root key KeNB on the firstair interface, or use the KeNB as the access stratum root key KeNB* onthe second air interface. The generating module 1730 is configured togenerate an access stratum key on the second air interface according tothe KeNB* calculated by the calculating module 1720.

For the forgoing and other operations and/or functions of the acquiringmodule 1710, the calculating module 1720, and the generating module1730, reference may be made to the corresponding descriptions in themethods 300, 1000 and 1400 and the first to fourth examples, and detailsare not described herein again to avoid repetition.

According to the user equipment in the communications system in thisembodiment of the present invention, the user equipment and an accessdevice may acquire the KeNB-based root key KeNB*, thereby deriving thesame access stratum key on the second air interface based on the KeNB*.Therefore, when the access stratum key is used for data transmissionover the second air interface, security of data transmission over thesecond air interface may be improved and security of data transmittedbetween the access device and the user equipment is ensured.

FIG. 18 is a structural block diagram of a user equipment in acommunications system according to an embodiment of the presentinvention. In the communications system, the user equipment accesses acore network via a first network-side device by using a first airinterface and connects to the first network-side device via a secondnetwork-side device by using a second air interface to access the corenetwork. An acquiring module 1810, a calculating module 1820, and agenerating module 1830 of the user equipment are basically the same asan acquiring module 1710, a calculating module 1720, and a generatingmodule 1730 of a user equipment.

According to one embodiment of the present invention, a time-varyingparameter acquired by the acquiring module 1810 may include a randomnumber generated by a network-side device and/or a random numbergenerated by the UE. In this case, the acquiring module 1810 isspecifically configured to acquire the random number generated by thenetwork-side device and/or the random number generated by the UE. Theuser equipment further includes a transmitting module 1840. Thetransmitting module 1840 is configured to send the random number that isgenerated by the UE and acquired by the acquiring module 1810 to thenetwork-side device or receive the random number generated by thenetwork-side device. For example, the acquiring module 1810 may bespecifically configured to receive a security mode command message fromthe access device, where the security mode command message carries therandom number generated by the access device. In this way, carrying therandom number in the security mode command message may prevent anincrease in network overhead due to use of a new message to transmit therandom number and ensure that transmission of the random number does notaffect an existing message sending sequence. For another example, thetransmitting module 1840 may be specifically configured to send a setupcompletion message used to indicate that a radio link is successfullyset up on the second air interface to the access device, where the setupcompletion message carries the random number generated by the UE. Inthis way, carrying the random number in the setup completion message mayprevent an increase in network overhead due to use of a new message totransmit the random number and ensure that transmission of the randomnumber does not affect the existing message sending sequence. For stillanother example, the transmitting module 1840 may be specificallyconfigured to receive a configuration message that is sent by thenetwork-side device to the UE and used for configuring the second airinterface, where the configuration message carries the random numbergenerated by the network-side device. This may also prevent an increasein network overhead due to use of a new message to transmit the randomnumber and does not affect the existing message sending sequence.

In a case that the time-varying parameter includes both a first randomnumber generated by the network-side device and a second random numbergenerated by the user equipment, when the network-side device is theaccess device, to enable the access device and the user equipment tohave the same input parameter for generating the same KeNB*, the accessdevice needs to send the first random number to the user equipment, forexample, by using the security mode command message, and the userequipment needs to send the second random number to the access device,for example, by using the setup completion message used to indicate thatthe radio link is successfully set up on the second air interface.Generation of the KeNB* by using the random numbers separately generatedby the access device and the user equipment has higher security thangeneration of the KeNB* by using only the random number generated by theaccess device or the user equipment. When the network-side device is abase station, to enable the base station and the user equipment to havethe same input parameter for generating the same KeNB*, the base stationneeds to send the first random number to the user equipment, forexample, by using the configuration message used for configuring thesecond air interface, and the user equipment needs to send the secondrandom number to the base station, for example, by using a configurationcompletion message in response to the configuration message. Generationof the KeNB* by using the random numbers separately generated by thebase station and the user equipment has higher security than generationof the KeNB* by using only the random number generated by the basestation or the user equipment.

According to one embodiment of the present invention, a parameterrelated to a serving cell of the second network-side device may includeat least one of the following items: a cell identifier of the servingcell of the second network-side device and a central frequency of theserving cell of the second network-side device. Use of relevantparameters of different cells helps ensure that the derived KeNB* isdifferent for different cells.

For the forgoing and other operations and/or functions of the acquiringmodule 1810 and the transmitting module 1840, reference may be made tothe corresponding descriptions in the methods 300, 1000 and 1400 and thefirst to fourth examples, and details are not described herein again toavoid repetition.

According to the user equipment in the communications system in theembodiments of the present invention, the user equipment and the accessdevice may use the same root key KeNB* to derive the same access stratumkey on the second air interface. Therefore, when the access stratum keyis used for data transmission over the second air interface, security ofdata transmission over the second air interface may be improved andsecurity of data transmitted between the access device and the userequipment is ensured. In addition, directly using a KeNB as the KeNB*features simple implementation and low complexity.

A person skilled in the art may be aware that, method steps and unitsdescribed in the embodiments disclosed in this specification may beimplemented by electronic hardware, computer software, or a combinationthereof. To clearly describe the interchangeability of hardware andsoftware, the foregoing has generally described steps and compositionsof each embodiment according to functions. Whether the functions areperformed by hardware or software depends on particular applications anddesign constraint conditions of the technical solutions. A personskilled in the art may use different methods to implement the describedfunctions for each particular application, but it should not beconsidered that the implementation goes beyond the scope of the presentinvention.

The method steps described in the embodiments disclosed in thisspecification may be implemented by hardware, a software programexecuted by a processor, or a combination thereof. The software programmay be stored in a random access memory (RAM), a memory, a read-onlymemory (ROM), an electrically programmable ROM, an electrically erasableprogrammable ROM, a register, a hard disk, a removable disk, a CD-ROM,or a storage medium of any other form known in the technical field.

Although some embodiments of the present invention have been described,a person skilled in the art should understand that all modificationsmade without departing from the spirit and principle of the presentinvention shall fall within the protection scope of the presentinvention.

What is claimed is:
 1. A method for generating an access stratum key ina communications system, wherein a first network-side device connects toa user equipment (UE) through a first air interface and accesses a corenetwork (CN), and the first network-side device connects to a secondnetwork-side device, wherein the second network-side device connects tothe UE through a second air interface, and the method comprises:acquiring, by the first network-side device, a random number generatedby the first network-side device, wherein the random number generated bythe first network-side device is a value of a counter which changes eachtime it is used; sending, by the first network-side device, aconfiguration message used for configuring the second air interface tothe UE, wherein the configuration message carries the random numbergenerated by the first network-side device; calculating, by the firstnetwork-side device, an access stratum root key KeNB* for the second airinterface according to the value of the counter and an access stratumroot key KeNB on the first air interface, wherein the second airinterface is between the second network-side device and the UE; andsending, by the first network-side device, the KeNB* to the secondnetwork-side device for generating a same access stratum key on thesecond air interface as the UE.
 2. The method according to claim 1,wherein the input parameter comprises a Packet Data Convergence Protocolcount (PDCP COUNT) value of a bearer of the UE on the first airinterface.
 3. The method according to claim 2, wherein the PDCP COUNTvalue corresponds to a configuration message and the configurationmessage is a configuration message used for the first network-sidedevice to configure the second air interface.
 4. A method for generatingan access stratum key in a communications system, wherein a userequipment (UE) in the communications system accesses a core network (CN)via a first network-side device by using a first air interface andconnects to the first network-side device via a second network-sidedevice by using a second air interface to access the core network, andthe method comprises: acquiring, by the UE, a random number generated bythe first network-side device, wherein the random number generated bythe first network-side device is a value of a counter which changes eachtime it is used; receiving, by the UE, a configuration message used forconfiguring the second air interface, wherein the configuration messagecarries the random number generated by the first network-side device;calculating, by the UE, an access stratum root key KeNB* on the secondair interface according to the value of the counter and an accessstratum root key KeNB on the first air interface, wherein the second airinterface is between the second network-side device and the UE;generating, by the UE, a same access stratum key on the second airinterface according to the KeNB* as the second network-side device; andtransmitting, by the UE, data with encryption according to the accessstratum key to the second network-side device.
 5. A network-side devicein a communications system, wherein a first network-side device connectsto a user equipment (UE) through a first air interface and accesses acore network (CN), and the first network-side device connects to asecond network-side device, wherein the second network-side deviceconnects to the UE through a second air interface, and the methodcomprises: a processor, configured to acquire a random number generatedby the first network-side device, wherein the random number generated bythe first network-side device is a value of a counter which changes eachtime it is used; a transmitter, configured to send a configurationmessage used for configuring the second air interface to the UE, whereinthe configuration message carries the random number generated by thefirst network-side device; the processor, configured to calculate anaccess stratum root key KeNB* on the second air interface according tothe value of the counter and an access stratum root key KeNB on thefirst air interface, wherein the second air interface is between thesecond network-side device and the UE; and the transmitter, configuredto send the KeNB* calculated by the processor to the second network-sidedevice for generating a same access stratum key on the second airinterface as the UE.
 6. The network-side device according to claim 5,wherein the input parameter acquired by the processor comprises a PacketData Convergence Protocol count (PDCP COUNT) value of a bearer of the UEon the first air interface.
 7. The network-side device according toclaim 6, wherein the PDCP COUNT value acquired by the processorcorresponds to a configuration message and the configuration message isa configuration message used for the network-side device to configurethe second air interface.
 8. A user equipment in a communicationssystem, wherein the user equipment (UE) in the communications systemaccesses a core network (CN) via a first network-side device by using afirst air interface and connects to the first network-side device via asecond network-side device by using a second air interface to access thecore network, and the user equipment comprises: a processor, configuredto acquire a random number generated by the first network-side device,wherein the random number generated by the first network-side device isa value of a counter which changes each time it is used; a receiver,configured to receive a configuration message used for configuring thesecond air interface, wherein the configuration message carries therandom number generated by the first network-side device; the processoris configured to calculate an access stratum root key KeNB* on thesecond air interface according to the value of the counter and an accessstratum root key KeNB on the first air interface, wherein the second airinterface is between the second network-side device and the UE; theprocessor is configured to generate a same access stratum key on thesecond air interface according to the KeNB* as the second network-sidedevice; and a transmitter, configured to transmit data with encryptionaccording to the access stratum key to the second network-side device.